Tom Olzak, CISSP

How To Protect Laptop Computers

Defending against accidental or malicious misuse, loss, or theft of laptops is a crucial part of SMB security planning and design. In this section, we look at the differences between protecting these mobile devices and static desktop systems.

Security Planning: Regulatory Considerations

Security Planning: Regulatory Considerations

In this section, I’ll step through—at a high level—four common U.S. regulations which affect what controls you’ll design into your network. We’ll end with a short converstaiton about the PCI DSS, which forms the basis for the remaining sections of this manual.

SigCheck Validates System Files

Knowing the system files and other application components on your computer are genuine is an important part of troubleshooting anomalous behavior or cleaning critical systems. It can also come in handy when determining who to blame when your computer frequently displays the BSOD.

Data ownership and classification

Security planning consists of three steps: assigning data owners and data classification, understanding how sensitive information is used, and developing a security strategy and controls design. In this article, we step through the initial planning step: data ownership and classification.

How to use PsLogList

PsLogList is a free Sysinternals (Microsoft) download which allows security and system administrators access to local and remote system application, security, and system log entries. It’s also a great forensics tool.

Small Business Security: a 101

This is the introductory article in a series covering all aspects of securing a SMB’s sensitive data and critical systems. When the series is complete, it will be a how-to manual for unserstanding security and how to apply just enough resources to protect information assets without going broke.

Streamline Kiosk Operation with Autologon

Many organizations need shared workstations, kiosks providing general information to most or all its employees. The challenge is getting a network-connected computer to access resources without giving every employee a network login. Auto-logon can help.